Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:D9D0628EB7F119AA216E0E6340A59918
HistoryAug 14, 2006 - 12:00 a.m.

Mozilla Firefox JavaScript Navigator object vulnerability

2006-08-1400:00:00
SAINT Corporation
download.saintcorporation.com
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

JSON

Added: 08/14/2006
CVE: CVE-2006-3677
BID: 19192
OSVDB: 27559

Background

When used in a web page, Java references properties of the **window.navigator** object as it starts up in Firefox or SeaMonkey.

Problem

If a web page replaces the navigator object before starting Java, then the page could cause the browser to crash in a way that allows arbitrary command execution.

Resolution

Upgrade to Firefox 1.5.0.5 or higher or SeaMonkey 1.0.3 or higher.

References

<http://www.mozilla.org/security/announce/2006/mfsa2006-45.html&gt;

Limitations

Exploit works on Firefox 1.5.0.4 and requires a user to click on the Exploit button. The Java plug-in must be installed in order for the exploit to succeed. Firefox’s automatic update feature must be disabled in order for the exploit to succeed. Note that it may take several minutes for this exploit to succeed because a large amount of memory must be allocated on the target.

Platforms

Windows 2000
Windows XP SP2
Linux
Ubuntu Linux

Related

saint 3
checkpoint_advisories 2
seebug 3
cve 2
securityvulns 3
exploitpack 1
packetstorm 1
ubuntucve 1
zdi 1
mozilla 1
debiancve 1
cert 1
exploitdb 1
prion 1
openvas 7
ubuntu 1
nessus 21
gentoo 2
suse 1
centos 5
freebsd 1
redhat 5
oraclelinux 2
saint
saint
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
Mozilla Firefox JavaScript Navigator object vulnerability
2006-08-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Browsers JavaScript Navigator Object Memory Corruption - Ver2 (CVE-2006-3677)
2014-04-16 00:00:00
Mozilla Browsers JavaScript Navigator Object Memory Corruption - Ver2 (CVE-2006-3677)
2014-04-16 00:00:00
seebug
seebug
Mozilla Firefox &lt;= 1.5.0.4 Javascript Navigator Object Code Execution PoC
2006-07-28 00:00:00
Mozilla Firefox Javascript Navigator Object Remote Code Execution Vulnerability
2006-10-24 00:00:00
Mozilla Firefox <= 1.5.0.4 - Javascript Navigator Object Code Execution PoC
2014-07-01 00:00:00
cve
cve
CVE-2006-3677
2006-07-27 19:04:00
CVE-2008-0729
2008-02-12 21:00:00
securityvulns
securityvulns
Netscape/K-Meleon/Flock JavaScript navigator Vulnerability
2006-08-02 00:00:00
[Full-disclosure] ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability
2006-07-27 00:00:00
US-CERT Technical Cyber Security Alert TA06-208A -- Mozilla Products Contain Multiple Vulnerabilities
2006-07-28 00:00:00
exploitpack
exploitpack
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution
2006-07-28 00:00:00
packetstorm
packetstorm
Mozilla Suite/Firefox Navigator Object Code Execution
2009-10-27 00:00:00
ubuntucve
ubuntucve
CVE-2006-3677
2006-07-27 00:00:00
zdi
zdi
Mozilla Firefox Javascript navigator Object Vulnerability
2006-07-26 00:00:00
mozilla
mozilla
Javascript navigator Object Vulnerability — Mozilla
2006-07-25 00:00:00
debiancve
debiancve
CVE-2006-3677
2006-07-27 19:04:00
cert
cert
Mozilla fails to properly release JavaScript references
2006-07-27 00:00:00
exploitdb
exploitdb
Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution
2006-07-28 00:00:00
prion
prion
Design/Logic Flaw
2008-02-12 21:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200608-03 (Firefox)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200608-03 (Firefox)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-327-1)
2022-08-26 00:00:00
ubuntu
ubuntu
firefox vulnerabilities
2006-07-28 00:00:00
nessus
nessus
Firefox < 1.5.0.5 Multiple Vulnerabilities
2006-07-27 00:00:00
openSUSE 10 Security Update : seamonkey (seamonkey-1952)
2007-10-17 00:00:00
GLSA-200608-03 : Mozilla Firefox: Multiple vulnerabilities
2006-08-04 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2006-08-03 00:00:00
Mozilla SeaMonkey: Multiple vulnerabilities
2006-08-03 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2006-08-16 15:11:18
centos
centos
seamonkey security update
2006-08-04 20:56:41
thunderbird security update
2006-07-29 11:51:27
firefox security update
2006-07-29 11:51:13
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-07-25 00:00:00
redhat
redhat
(RHSA-2006:0608) seamonkey security update
2006-07-27 00:00:00
(RHSA-2006:0611) thunderbird security update
2006-07-28 00:00:00
(RHSA-2006:0610) firefox security update
2006-07-28 00:00:00
oraclelinux
oraclelinux
Critical firefox security update
2006-12-07 00:00:00
Critical thunderbird security update
2006-12-07 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

JSON
Related for SAINT:D9D0628EB7F119AA216E0E6340A59918
saint3checkpoint_advisories2seebug3cve2securityvulns3exploitpack1packetstorm1ubuntucve1zdi1mozilla1debiancve1cert1exploitdb1prion1openvas7ubuntu1nessus21gentoo2suse1centos5freebsd1redhat5oraclelinux2